Blog Post

Veritas Alta™ Blog

Data Protection: A Target for Bad Actors and Malware

DylonM's avatar
Level 1
3 years ago

Today, cyber resiliency and the threat of ransomware attacks are top concerns for every industry throughout the globe. According to the 2022 SonicWall Cyber Threat Report, researchers observed 623.3 million global attacks. This total marked a 105% increase over 2020 and more than triple the number seen in 2019." It is now clear that ransomware is the fastest-growing type of cybercrime, RaaS (Ransomware-as-a-Service) has developed into an organized, lucrative business model, and attackers are continually evolving creative techniques to pass even the most vigilant frontline security. 

Those that attended our Conquer Every Cloud event on February 23rd were able to examine the present-day cloud landscape from multiple perspectives, go deep on best practices around protection and resilience, and look ahead to the emerging innovations that will help ensure your continued success in the multi-cloud. 

Historically, many might consider backup and recovery of your data the last line of defense against ransomware attacks. At Veritas, we recommend prioritizing a secure backup strategy and optimizing for recovery as a meaningful and reliable part of a comprehensive, multi-layered cybersecurity strategy. It's not just your data that goes down in the event of a ransomware attack—it's your business. 

Data Protection is a target for bad actors and malware. They know it's the safety net, so they work to weaken the backup solution systematically. Veritas developed NetBackup with resiliency top of mind and security at its core, so we could provide our customers with dependable solutions to ensure their business is up and running with minimal impact. 

It Starts with Near Real-Time Anomaly Detection 

Detecting anomalies in backup images provides you with an important metric to play a role in the organization's security posture and understand trends and deviations in the enterprise data protection footprint. An anomaly is any significant change in backup image size, the number of backup files, data that is transferred in KB, deduplication rate, and/or backup job completion time.   

NetBackup provides artificial intelligence-powered (AI-powered) anomaly detection, which detects out-of-the-ordinary data and user activity across your entire environment and alerts of suspicious anomalies, in near-real-time. The technology can mine an enormous amount of data, automate monitoring and reporting, and provide actionable insights into what is happening in your environment. 

Introduced in NetBackup 9.1, Anomaly Detection uses metadata already available to key in on likely indicators of issues.  NetBackup uses machine learning to detect anomalies, using statistical data clustering analysis, to form an anomaly's score.  A higher score is more significant and reflects how different one set of data is compared to previous sets of data to form a baseline.  

Anomalies in the data protection landscape are just the beginning of the story, and with malware as a serious possibility, you need more security checkpoints inside the perimeter of the IT ecosystem. 

Anomalies Help Locate Malware to be Eliminated 

Veritas provides both automated and on-demand malware scans for protected backups. The automated malware scanning feature will remove the human dependency and allow AI/ML technology to jump in and scan for malware. A high anomaly score automatically triggers the Malware scan. Scanning includes unstructured data, both Windows and Linux. This is vital because malware often enters your environment in a home directory, as these are most typically the locations where large sets of unstructured data exist.  

When recovery is necessary, the backup data is scanned. Clear visuals and warning prompts provide awareness of infected backups, ensuring that all data restored is clean and uninfected. This practice is often referred to as restoring to the "last known good" copy. 

On-Demand scanning allows you to target images within a specific range for potential infection. The scan's output is tagged to the image and offers common remediation actions. When you're taking advantage of deduplication storage for cost-savings, the on-demand scan can be used for images as they pass through the MSDP pool during their Storage Lifecycle Policy operations. Once an infected image is detected, you can expire all copies, or leave the image in place where the tag will alert when the backup image is selected in a recovery workflow in the future. 

Data Protection is a target for bad actors and malware. Bad actors assume this is an unmonitored gap, and changes won't be noticed until it is too late. Anomaly Detection can show where the environment is deviating from expectations and then take action to protect the valuable IT infrastructure with automated malware scanning.   Ultimately, detecting anomalies in the backup images offer more insight into the broad range of data protected by NetBackup. Respond to anomalies with an integrated malware detection solution to ensure your business is up and running and protected from ransomware and malicious attacks. 

Combine anomaly detection with malware scanning to create confidence and identify threats before they're a problem. Recover quickly by planning ahead. And when the worst happens, be the author of your own story where collaborative and purposeful planning and execution avert a potential disaster.

For more information on NetBackup and best practices to combat ransomware, visit

Updated 3 years ago
Version 1.0
No CommentsBe the first to comment